SonarQube project not producing results

SonarQube Server / Community Build
1

Hello,

I have been working with our automation team standing up an ADO pipeline and while the ADO pipeline says that it successfully produced results, when I look at the actual SonarQube project, the results are not there. Would like some help on this please.

Thanks!

2

Hi Blake,

We’ll need a lot more specifics if we’re to help.

  • What version and edition of SonarQube?
  • Are you using our extension for Azure DevOps to add analysis tasks to your pipeline?
  • Can you share logs of those tasks?
  • Did you create the project first on the SonarQube side? Are you hoping to create it from this first analysis and not finding it? Something else?
3

Hi @Jeff_Zapotoczny please see the answers to your questions below:

  • What version and edition of SonarQube? - We are using Version 6.7.7, but we currently in the process of upgrading. I do know that the outdated version isn’t the issue here because we have another SonarQube project from this same ADO project that is producing results
  • Are you using our extension for Azure DevOps to add analysis tasks to your pipeline? Yes, we are currently using your extensions (Prepare Analysis on SonarQube and Run Code Analysis)
  • Can you share logs of those tasks? - Prepare analysis on SonarQube log - Insight Next Automation.txt (2.6 KB) . Run Code Analysis - Insight Next Automation.txt (262.3 KB)
  • Did you create the project first on the SonarQube side? Are you hoping to create it from this first analysis and not finding it? Something else? - Like the other SonarQube project from this same ADO Project, we created the SonarQube project first. Basically, we are trying to run a separate MS Build from the other one from this project that works.

It might be easier for us to get on a call early next week. Let me know of your availability and what email to send the invite to

4

Hi Blake,

I can’t dive deeply into supporting something as old as 6.7 (which is now 2 LTS versions behind) so as a first course of action, I certainly encourage you to upgrade.

The logs of your analysis look like they should have successfully produced a result:

ANALYSIS SUCCESSFUL, you can browse https://sonarqube.crowe.com/dashboard/index/InsightNextAutomation2

So what do you see if you browse to that URL? It should be a project dashboard with metrics reported. You haven’t clarified what “not producing results” means.

Last note: community support is offered on a best-effort basis and we don’t engage in calls or live troubleshooting. If your company has a commercial support contract with us, I encourage you to file a ticket with us rather than posting here.

5

@Jeff_Zapotoczny

Sorry for not being clear, when I say not producing results I mean that there are zeros across the board. There are no bugs, vulnerabilities, code smells, etc. I know this isn’t right because the developers of this project told me there code is producing vulnerabilities in Visual Studio.

SonarQube Troubleshooting
SonarQube Troubleshooting1259×808 53.2 KB

6

The Code tab of the project will let you explore and confirm whether the analyzers visited the correct files; I suggest you do a direct comparison with one of the locations where there are “known” issues and confirm at least that the same code was analyzed by SonarQube.

If the developers are using SonarLint within Visual Studio, then the version of your SonarQube installation is holding you back from seeing all the same issues that SonarLint can report; SonarLint’s included analyzers are far more updated than what was included with SonarQube 6.7. Upgrade to the current LTS (8.9) and try again.

If vulnerability detection is a priority, I encourage you to also consider an edition upgrade to at least Developer Edition which includes our taint analysis engine and many more security rules.